
DNS in 2003 Domain

Anonymous
July 20, 2005 7:53:29 AM

Archived from groups: microsoft.public.win2000.dns

All,
I'm fairly new to DNS in a 2003 domain. I've been tasked with making
the DNS more efficient and seeing what can be done to improve it. The
domain was migrated from a Win 2000 domain. I've been looking at the
DNS structure we currently have, and been reading up on MS's site
regarding the _msdcs bits.

At the moment, we have a structure in DNS as such:

Under the Forward Lookup Zone, we have DOMAIN.com, under DOMAIN.com
there are 4 folders/containers called _msdcs, _sites, _tcp, _udp,
DomainDnsZones, ForestDnsZones.

What I can't get my head around is whether this layout is correct. On
MS's site (http://tinyurl.com/ap2ym) it states the _msdcs part as
_msdcs.forestname and talks about going into its properties etc, but
there is no properties tab for _msdcs.

There is no Application Directory partition set up as yet. Our root
domain controller is 2003, but we have a mixture of 2000 and 2003
DC's.

Can anyone inform me about what the DNS layout structure should look
like now we're on a 2003 domain, and how it can be optimised. At
present our DNS works, but it hasn't been touched since we upgraded to
2003.

Any help greatly appreciated.



--
bassaddict
------------------------------------------------------------------------
Posted via http://www.webservertalk.com
------------------------------------------------------------------------
View this thread: http://www.webservertalk.com/message1139050.html


Anonymous
July 22, 2005 11:37:53 PM


When you have a DNS zone (e.g. DOMAIN.COM) for the AD domain
DOMAIN.COM, that zone automatically has 4 underscore domains and if
it is w2k3 DCs with DNS you will also have application partitions
(domainzones and forestzones) that dictate the replication scope of a
zone.

The underscore domain has DNS resource records from DCs that provide
services. This is for all domains in a forest.

However, the _MSDCS DNS subdomain of the AD forest root domain hosts
records for all DCs in the forest, no matter what domain they are in!
All the DCs in the forest use that _MSDCS DNS domain in forest root AD
domain. When you have a single domain forest you can leave it at the
default as all DCs in the domain that are also DNS have a copy of it
to read and to register.
This is different in a multiple domain forest. As all DCs in the
forest use the _MSDCS DNS domain of the forest root AD domain it is
best the DNS servers in those AD domains have a copy of it.
With W2K3 DCs/DNS servers it is possible to create an AD integrated
zone (e.g. _MSDCS.DOMAIN.COM) and assign a replication scope (e.g.
forest wide to all DNS servers). This way all W2K3 DC/DNS servers will
receive a read/write copy of it.
With W2K DCs/DNS servers it is possible to create an AD integrated zone
(e.g. _MSDCS.DOMAIN.COM) but NOT to assign a replication scope. A
read/write copy cannot leave the w2k DC/DNS servers of the forest root
AD domain. To enable that DCs/DNS servers still at least receive a
read copy of the zone, set up a secondary DNS zone for the
_MSDCS.DOMAIN.COM on those DC/DNS in the non-forest root AD domains
and use the DNS servers in the forest root AD domain as the master
servers.

Did this explanation help you?

--
Posted using the http://www.windowsforumz.com interface, at author's request
Anonymous
July 23, 2005 3:33:14 AM


In news:bassaddict.1sgxt3@mail.webservertalk.com,
bassaddict <bassaddict.1sgxt3@mail.webservertalk.com> stated, which I then
commented on below:
> All,
> I'm fairly new to DNS in a 2003 domain. I've been tasked with making
> the DNS more efficient and seeing what can be done to improve it. The
> domain was migrated from a Win 2000 domain. I've been looking at the
> DNS structure we currently have, and been reading up on MS's site
> regarding the _msdcs bits.
>
> At the moment, we have a structure in DNS as such:
>
> Under the Forward Lookup Zone, we have DOMAIN.com, under DOMAIN.com
> there are 4 folders/containers called _msdcs, _sites, _tcp, _udp,
> DomainDnsZones, ForestDnsZones.
>
> What I can't get my head around is whether this layout is correct. On
> MS's site (http://tinyurl.com/ap2ym) it states the _msdcs part as
> _msdcs.forestname and talks about going into its properties etc, but
> there is no properties tab for _msdcs.
>
> There is no Application Directory partition set up as yet. Our root
> domain controller is 2003, but we have a mixture of 2000 and 2003
> DC's.
>
> Can anyone inform me about what the DNS layout structure should look
> like now we're on a 2003 domain, and how it can be optimised. At
> present our DNS works, but it hasn't been touched since we upgraded to
> 2003.
>
> Any help greatly appreciated.

In addition to Jorge's reply, the _msdcs zone under your domain.com zone is
delegated to your own server, thus why it should show up as a completely
separate name space. If it doesn't, then there's an issue. That zone needs
to be available everywhere in the forest and its replication scope is set
to the ForestDnsZones app partition to be available as such. But if you are
in a mixed environment, that zone is not available on a Win2000 DC.

It would be easier to move your DNS services to only the Win2003 server and
uninstall DNS off the Win2000 servers, to handle this function. If you are
looking at the DNS zones on a Win2000 DNS console, those Win2003 properties
will not be available hence a possible part of the confusion.

Look at it under Win2003 and let us know if that zone exists. If they do
not, follow that article you posted to fix it.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
Anonymous
July 26, 2005 9:26:25 AM


Hey

Thanks to both of you for your replies. Let me just clarify the
existing set up. Our Forest Root is 2003, and we have a mixture of Win
2000 and Win 2003 DCs and DNS Servers. All of our 15 branch offices
have 2 DNS servers / DC's, one being Win 2000 and one being Win 2003.
Each server points to itself for lookups and then to the Forest Root
which is located at head office. Is this good practice?

On our 2003 DNS servers, the option to create a default application
directory partition is available (but not on the 2000 DNS boxes). Am I
correct in thinking to set this up though, all DNS servers should be
running on 2003? In my proposal, I am recommending upgrading all 2000
to 2003 DNS and using Application Directory Partition to improve
replication, but does the Forest Functional level need to be raised to
2003?

Underneath our ForwardLookupZone, we have our domain (let's call it
domain.com). Underneath here, we have the default _msdcs, _sites, _tcp,
_udp, DomainDnsZones and ForestDnsZones. The DNS is active directory
integrated and uses forwarders to the forest root without recursion for
the domain, and then the Forest Root forwards WITH recursion to the ISP
DNS servers.

From one of our Win 2000 boxes, the same subdomains as above exist and
all replicate to each other.

So are you saying the Application Directory replication is not
available on 2000 DOMAINS or DCs/DNS servers? Because the option is
there to create one from one of our 2003 DNS servers.

Sorry if I sound like a beginner with DNS.... it's because I am! But I
appreciate how helpful you are.

Cheers



--
bassaddict
Anonymous
July 26, 2005 1:19:30 PM


Oh and by the way, we have no Forest Root Domain, just a Domain
Controller that is the forest root for the whole domain. I am confusing
myself as I've been told that _msdcs.forestname should sit above the
DOMAIN.COM zone in DNS. But ours sits below.

Still, anything else you can add??



--
bassaddict
Anonymous
July 27, 2005 4:40:49 AM


In news:bassaddict.1ss1t3@mail.webservertalk.com,
bassaddict <bassaddict.1ss1t3@mail.webservertalk.com> stated, which I then
commented on below:
> Hey
>
> Thanks to both of you for your replies. Let me just clarify the
> existing set up. Our Forest Root is 2003, and we have a mixture of Win
> 2000 and Win 2003 DCs and DNS Servers. All of our 15 branch offices
> have 2 DNS servers / DC's, one being Win 2000 and one being Win 2003.
> Each server points to itself for lookups and then to the Forest Root
> which is located at head office. Is this good practice?
>
> On our 2003 DNS servers, the option to create a default application
> directory partition is available (but not on the 2000 DNS boxes). Am I
> correct in thinking to set this up though, all DNS servers should be
> running on 2003? In my proposal, I am recommending upgrading all 2000
> to 2003 DNS and using Application Directory Partition to improve
> replication, but does the Forest Functional level need to be raised to
> 2003?
>
> Underneath our ForwardLookupZone, we have our domain (let's call it
> domain.com). Underneath here, we have the default _msdcs, _sites, _tcp,
> _udp, DomainDnsZones and ForestDnsZones. The DNS is active directory
> integrated and uses forwarders to the forest root without recursion
> for the domain, and then the Forest Root forwards WITH recursion to
> the ISP DNS servers.

If you have a child domain, and are delegating the child namespace to the
child domain's DNS servers, then yes, you would forward from the child
domain's DNS to the parent domain's DNS.

OTHERWISE, if you only have ONE domain, DO NOT FORWARD TO EACH OTHER or to
any others in the same domain. This will cause a forwarding loop and you
will be bound with issues. Configuring as such is only for a delegation or
stub scenario with child domains. If you have only one domain, as indicated
in your more recent post, forward from each INDIVIDUAL DNS to the ISP. Allow
recursion.

>
> From one of our Win 2000 boxes, the same subdomains as above exist and
> all replicate to each other.

The folders underneath with the underscores in them (e.g. _msdcs, _tcp,
_udp, and _sites), as you call "subdomains" are actually the SRV records,
and not necessarily subdomains. These are the service location records that
a DC registers into DNS and is used to locate domain controller services.

So I'm not entirely sure what you mean by they "...all replicate with each
other". Zone data in any AD Integrated zone types, since they are stored in
the actual physical AD database, will replicate to other DC/DNS servers
along with the default AD replication cycle, since they are part of the AD
database. If the understanding is skewed meaning you thought they replicate
"with each other", then in a way, they do, but all the data is replicated
based on AD's replication process just because they are part of the
database.

>
> So are you saying the Application Directory replication is not
> available on 2000 DOMAINS or DCs/DNS servers? Because the option is
> there to create one from one of our 2003 DNS servers.

The Application Partitions are not available for use by a Windows 2000
DC/DNS, albeit the partitions exist on such a machine, but it's just that
you can't take advantage of the feature. The ability to use that feature is
only available by using Windows 2003 DC/DNS servers.

>
> Sorry if I sound like a beginner with DNS.... it's because I am! But I
> appreciate how helpful you are.
>
> Cheers

No problem. The only way you'll find out is if you ask!

Ace
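
An added example, not part of the thread or written by any poster: a Python audit of a constructed forwarder inventory that flags the forwarding loops the reply above warns about and lists servers that forward to another server in the same inventory. The server names and the inventory format are hypothetical.

```python
from typing import Dict, List

# Constructed inventory (hypothetical names): each internal DNS server
# mapped to the forwarders configured on it.
FORWARDERS: Dict[str, List[str]] = {
    "hq-dc1": ["isp-dns1", "isp-dns2"],   # forwards out to the ISP
    "branch01-dc1": ["hq-dc1"],           # forwards to head office
    "branch01-dc2": ["isp-dns1"],         # forwards straight to the ISP
    "branch02-dc1": ["branch02-dc2"],     # these two forward to
    "branch02-dc2": ["branch02-dc1"],     # each other: a loop
}


def internal_forwarding(forwarders: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Servers that forward to another server in the same inventory."""
    result = {}
    for server, targets in forwarders.items():
        inside = [t for t in targets if t in forwarders]
        if inside:
            result[server] = inside
    return result


def find_forwarding_loops(forwarders: Dict[str, List[str]]) -> List[List[str]]:
    """Return each forwarding cycle; servers outside the inventory
    (such as ISP resolvers) end a chain and cannot be part of a loop."""
    loops: List[List[str]] = []
    done = set()  # servers whose forwarding chains are fully explored

    def walk(server: str, path: List[str]) -> None:
        if server in path:  # chain returned to a server already on it
            cycle = path[path.index(server):]
            if cycle not in loops:
                loops.append(cycle)
            return
        if server in done or server not in forwarders:
            return
        for target in forwarders[server]:
            walk(target, path + [server])
        done.add(server)

    for server in sorted(forwarders):
        walk(server, [])
    return loops


if __name__ == "__main__":
    print("loops:", find_forwarding_loops(FORWARDERS))
    print("internal forwarding:", internal_forwarding(FORWARDERS))
```

In a single-domain setup, `internal_forwarding` should come back empty once every server forwards only to the ISP.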
Anonymous
July 27, 2005 4:45:21 AM


In news:bassaddict.1sstl5@mail.webservertalk.com,
bassaddict <bassaddict.1sstl5@mail.webservertalk.com> stated, which I then
commented on below:
> Oh and by the way, we have no Forest Root Domain, just a Domain
> Controller that is the forest root for the whole domain. I am
> confusing myself as I've been told that _msdcs.forestname should sit
> above the DOMAIN.COM zone in DNS. But ours sits below.
>
> Still, anything else you can add??

My take is to move DNS services to only Windows 2003 servers. Once that is
done, then all the features will be of benefit.

Keep in mind, when choosing replication scope, the bottom radio button is
the DomainNC partition, which is one of the three logical partitions in a
Win2000 domain database. That is the one you need to choose if you are in a
mixed environment. If you chose to set the scope to one of the above radio
buttons, then that zone will only be available on a Win2003 DC/DNS server.

Once you have moved all DNS services to your Win2003 DC/DNS servers, then
the _msdcs zone should appear as a separate namespace that is delegated from
itself under the domain.com zone, which in that case, the _msdcs zone will
now appear as a grayed out folder. If you look at the _msdcs.domain.com
zone, you will now find its replication scope set to the Forest app
partition.

Ace